Table of Contents
Advertisement
Security recommendations
Secure/non-secure protocols
• Avoid or disable non-secure protocols, for example Telnet and TFTP. For historical reasons,
these protocols are available, however not intended for secure applications. Use non-secure
protocols on the device with caution.
• Check whether use of the following protocols and services is necessary:
– Non authenticated and unencrypted ports
– MRP, HRP
– LLDP
– DHCP Options 66/67
The following protocols provide secure alternatives:
– HTTP → HTTPS
– TFTP → FTPS
– Telnet → SSH
– SNTP → NTP
– SNMPv1/v2c → SNMPv3
• Use secure protocols when access to the device is not prevented by physical protection
measures.
• If you require non-secure protocols and services, operate the device only within a protected
network area.
• Restrict the services and protocols available to the outside to a minimum.
• For the DCP function, enable the "DCP read-only" mode after commissioning.
Available protocols
The following list provides you with an overview of the open protocol ports.
The table includes the following columns:
• Protocol
• Port number
• Port status
– Open
– Closed
16
Check whether use the use of NTP is necessary. NTP is classified as non-secure. Activate
Secure NTP when the NTP server supports this protocol and use the authentication and
encryption mechanisms of Secure NTP.
Check whether use of SNMPv1/v2c. is necessary. SNMPv1/v2c are classified as non-
secure. Use the option of preventing write access. The device provides you with suitable
setting options.
If SNMP is enabled, change the community names. If no unrestricted access is necessary,
restrict access with SNMP.
Use the authentication and encryption mechanisms of SNMPv3.
Compact Operating Instructions, 03/2022, A5E02661178-15
SCALANCE XR-300M PoE
Advertisement
Table of Contents
